[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Source-only uploads

Last I asked on #debian-devel, source-only uploads aren't allowed (as in, you
can't just upload the orig.tar and the diff.  With auto-builders in place, is
there any reason why?

There are reasons why source-only uploads should be preferred, some being:

- The package can be compiled on boxes that are up-to-date with bugfixes in gcc
and other Build-Depends.  I personally don't upgrade my sid box that often
(I currently have to upgrade 843 new packages, install 33 new ones, remove 17
for a dist-upgrade, understand why? :)

- Wouldn't the binaries be more trusted if they came from auto-builders anyways?
So that way a maintainer can't just stick something in there that's not in the
source code.

Binary uploads should be allowed for packages that don't have source code at
all or ones that depend on themselves for bootstrapping.

For every other package, why aren't we using a source-only upload system right

Jonathan Hseu <vomjom@vomjom.org, vomjom@debian.org, jh4@cec.wustl.edu>
GPG ID:          5228D713
GPG fingerprint: 220B A4EF 70FE B884 CB38  F93F EA8A 1024 5228 D713

Attachment: pgppQYJ6rBRbU.pgp
Description: PGP signature

Reply to: